General

Target: f294a9d0f15513f519dfda080b37906851d8614d1211abc5f6141cd6ef6bfe7f
Size: 2.6MB
Sample: 220215-fe484scdcm
MD5: fda089a638a02b64c5175fbed3e4918b
SHA1: eef6c75a650b5d1f2f34b988fc88ceb328312c15
SHA256: f294a9d0f15513f519dfda080b37906851d8614d1211abc5f6141cd6ef6bfe7f
SHA512: 7a9d15d37fa40898b49015f457546439a61ba7ba644b082d1c6bd0f10a6a7fded631937e255839beadf966c6577650f30601333bbb852a1a9625d1e561355c96

Static task: static1
Behavioral task: behavioral1
Sample: f294a9d0f15513f519dfda080b37906851d8614d1211abc5f6141cd6ef6bfe7f.exe
Resource: win7-en-20211208
Malware Config

Targets

Target: f294a9d0f15513f519dfda080b37906851d8614d1211abc5f6141cd6ef6bfe7f
Size: 2.6MB
MD5: fda089a638a02b64c5175fbed3e4918b
SHA1: eef6c75a650b5d1f2f34b988fc88ceb328312c15
SHA256: f294a9d0f15513f519dfda080b37906851d8614d1211abc5f6141cd6ef6bfe7f
SHA512: 7a9d15d37fa40898b49015f457546439a61ba7ba644b082d1c6bd0f10a6a7fded631937e255839beadf966c6577650f30601333bbb852a1a9625d1e561355c96
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI; reading those keys is a common check for a virtualised analysis host.
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class detaches the calling thread from any attached debugger, a common anti-debug technique.
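Five of the signatures above fire on a registry read, a thread-information call or a URL, so they can be reproduced over an API-call trace. The following is an added example, not the sandbox's signature engine and not code from the sample: the trace lines, their `Api(arg=value, ...)` format, the registry keys and values matched, and the list of IP-lookup hosts are all my own assumptions (the report names the behaviours but none of these specifics). The two signatures that depend on a process blocklist and a hosting-provider list are left out because the report gives no data for them.

```python
"""Match a Windows API-call trace against the behavioural signatures listed above.

Added example, not the sandbox's own signature engine and not code from the
sample. Trace format, registry keys/values, the information-class constant
and the IP-lookup host list are assumptions documented inline.
"""
import re
from urllib.parse import urlparse

# Constructed trace, one "Api(arg=value, ...)" call per line. Not output from
# the analysed sample; the keys and URL are typical targets for these checks.
TRACE = r"""
RegOpenKeyExW(key=HKLM\HARDWARE\ACPI\DSDT\VBOX__)
RegQueryValueExW(key=HKLM\HARDWARE\DESCRIPTION\System\BIOS, value=SystemManufacturer)
RegQueryValueExW(key=HKLM\HARDWARE\DESCRIPTION\System\BIOS, value=SystemProductName)
RegQueryValueExW(key=HKCU\Control Panel\International\Geo, value=Nation)
NtSetInformationThread(handle=0xfffffffe, class=0x11)
InternetOpenUrlW(url=https://api.ipify.org/)
"""

CALL_RE = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\)$")
ARG_RE = re.compile(r"(\w+)=([^,]+)")

REGISTRY_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
# Registry paths are case-insensitive, hence re.I on every key pattern.
# VirtualBox guests carry ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware strings that reveal the hypervisor vendor/product.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"systemmanufacturer", "systemproductname", "biosvendor",
               "biosversion", "systembiosversion", "videobiosversion"}
# GeoID of the configured country, compared against a target list by a geofence.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
# THREADINFOCLASS ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# Assumed list of public IP-lookup services; the report names none.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ipinfo.io"}


def parse_call(line):
    """Parse 'Api(k=v, k=v)' into {'api': ..., 'k': 'v', ...}; None if malformed."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip() for k, v in ARG_RE.findall(m.group("args"))}
    return {"api": m.group("api"), **args}


def is_registry_read(call):
    return call["api"] in REGISTRY_READ_APIS


def sig_vbox_acpi(call):
    return is_registry_read(call) and bool(VBOX_ACPI_RE.search(call.get("key", "")))


def sig_bios(call):
    return (is_registry_read(call)
            and bool(BIOS_KEY_RE.search(call.get("key", "")))
            and call.get("value", "").lower() in BIOS_VALUES)


def sig_geo(call):
    return (is_registry_read(call)
            and bool(GEO_KEY_RE.search(call.get("key", "")))
            and call.get("value", "").lower() == "nation")


def sig_hide_from_debugger(call):
    # int(..., 0) accepts the 0x-prefixed class value written in the trace.
    return (call["api"] == "NtSetInformationThread"
            and int(call.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER)


def sig_ip_lookup(call):
    url = call.get("url")
    if not url:
        return False
    host = (urlparse(url).hostname or "").lower()
    return host in IP_LOOKUP_HOSTS


# Names are the report's signature titles; matchers are this example's own.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", sig_vbox_acpi),
    ("Checks BIOS information in registry", sig_bios),
    ("Checks computer location settings", sig_geo),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", sig_hide_from_debugger),
    ("Looks up external IP address via web service", sig_ip_lookup),
]


def detect(trace):
    """Return the signature names triggered by the trace, in first-hit order."""
    hits = []
    for line in trace.splitlines():
        call = parse_call(line)
        if call is None:
            continue
        for name, matcher in SIGNATURES:
            if name not in hits and matcher(call):
                hits.append(name)
    return hits


if __name__ == "__main__":
    for name in detect(TRACE):
        print(name)
```

Matching on the exact information class (0x11) rather than on any NtSetInformationThread call is what keeps the last rule from firing on ordinary priority or affinity changes, and the BIOS rule requires both the key and a firmware-identifying value name so that unrelated reads under HKLM\HARDWARE\DESCRIPTION\System do not count.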